Slight issue
Hacking the DDOS control server is illegal even if it's being used for illegal purposes itself.
Security researchers have discovered a vulnerability in a top DDoS attack tool that provides a handy means to neutralise onslaughts. The Dirt Jumper Distributed-Denial-of-Service (DDoS) Toolkit is one of the most popular attack tools available. It was deployed in a digital siege against security news website KrebsonSecurity. …
I ask myself, is that statement entirely true. I'm sure that hacking the control server is indeed illegal in most jurisdictions, but 'all' is a very sweeping statement. I'm sure if you really wanted to zap them, one of the Pacific island nations won't stop you. I volunteer to pop over and run the server if you like.
Not sure that's true. Most jurisdictions include defenses of preventing a greater crime from occurring.
So, if you see someone gonna shoot someone and you smack them over the head with a rock, you technically have assaulted them but you have a defense of preventing a greater crime.
But what are they going to do? Go to the Police and say that they were running a perfectly legitimate distributed denial of service attack when the victims of their attack turned tables on them.
Or as I like to know it the: "Bigger boys came" defence.
Your analogy is not like, for example, a trespasser being shot by a landowner, where someone who is breaking the law is subject to a far more serious crime. This is someone who is committing a serious crime potentially wanting protection from their victims stopping them from committing that crime.
>But what are they going to do?
>Go to the Police and say that they were running a perfectly legitimate distributed denial of service attack when the victims of their attack turned tables on them?
Yes:
http://www.thisisstaffordshire.co.uk/Drug-farmers-court-reporting-theft-10k-cannabis/story-15645317-detail/story.html
Self defense is a legal defense in response to all actual or attempted crimes against person and property in every jurisdiction as far as I know so all a reverse-attacker has to do is to state that you're "working for or on behalf of the victim" and you are away clean. Unless some lawyer here can show us why not?
In theory yes, but that would be crediting the writer with slightly more understanding of the TCP and HTTP protocols than a glance at the pretty diagrams in the respective Wikipedia articles imparts.
And it would also imply that the source is in any way easily maintainable and not kludged together from snippets barfed up on the first page of results of a Google search.
This post has been deleted by its author
Priorities
Try to find who's behind it [1]
Get the servers DNS entries removed
Hacking the server will only temporarily cover up the real problem.
If Hacking the servers can be done without compromising the higher aims, then yes do so, but don't publicize it!
[1] Follow the money! Most/Many such servers have a traceable financial motive